deck-wizard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses WebSearch/WebFetch (the web-fetch helper) to fetch public web pages and decklists (e.g., "Research metagame/strategy | WebSearch + WebFetch", "WebFetch the sample list", and other Research/Combo Discovery steps) and requires the agent to read and act on that third‑party content to build or modify decks, which clearly exposes it to untrusted, user-generated web content that can influence tool actions.